Monday, August 30, 2010

Today i had a problem when i wanted to implicitly link my program with a function residing in ntdll.dll and since i have Microsoft Visual C++ 6.0, i couldn't find the corresponding import library, ntdll.lib, nor the header file. And for some reason, I didn't want to explicitly link to ntdll.dll.

So i thought about doing this without using any external tools. I don't know if any tool does really exist for this.

I had any idea to achieve this. All we have to know is the function name, calling convention, and arguments types and number. Even if we miss one of them, it is not the end of world, there are other solutions that i will blog about in later posts.

The solution is as follows:

Just act like you are creating a DLL from the scratch. Open a project for dynamic-link library. Give it the same name as the DLL you want to implicitly link to.
Now create a dummy function with the same name as the function we want to import. Also give it the same calling convention and arguments info.

To implicitly link to ntdll.dll and import the "wcslen" function, Do as in the image below:_

As you can see our wcslen does nothing, it is just a skeleton for the real "wcslen" function.

Now export the dummy function from the dummy DLL by creating a .def file (the way i prefer).

After we have successfully built it, we get ntdll.dll and ntdll.LIB. we only care about ntdll.LIB. Copy it into the "microsoft visual studio\VC98\Lib" folder.

Back to our original project, add ntdll.LIB to your project's Object/Library modules.
Now you have to write the function prototype: